They use the small flash inside the DRM chip in the cartridge to store the telemetry, then the e-waste companies are paid by HP to read and send to the mothership the contents of the chips sent to recycle
They use the small flash inside the DRM chip in the cartridge to store the telemetry, then the e-waste companies are paid by HP to read and send to the mothership the contents of the chips sent to recycle
You’d first need to get the flash to store other data, requiring malicious firmware modifications.
Like, its not impossible but I really can’t see anything nefarious happening to make airgapped printer that would be that big a deal.
Lets say a malicious actor infiltrates the supply chain and loads custom firmware on the device. Somehow the malicious firmware avoids detection, and is installed in a secured environment.
What can be exfiltrated in the flash is probably pretty limited, but top 5 usernames and their top 5 IP-addresses, perhaps as many jobtitles as can be stored correlated to the above information. And now the attacker can extrapolate all sorts of classified information.
ok what if they just installed a 4G transmitter. Would be way less work and a higher success rate for retrieving anything
And easy to catch in an environment so secure that airgapping is necessary and supply chain infiltration is worthwhile